coreruleset icon indicating copy to clipboard operation
coreruleset copied to clipboard
verified publisher icon coreruleset

Some rules are NOT doing IIS specific decoding of ARGS* data

Open azurit opened this issue 1 year ago • 0 comments

Rules 921151, 932190, 942441, 942442 and 942460 are doing UrlDecode for ARGS* (this is done automatically by engine) but NOT UrlDecodeUni (which happens after removing UrlDecode transformation), which includes also decoding of data specific for IIS. We are not sure if we need or want it so this needs to be decided. More info can be found here.

azurit avatar Nov 02 '24 11:11 azurit